Internet Research Task Force (IRTF) S. Symington
Request for Comments: 6257 The MITRE Corporation
Category: Experimental S. Farrell
ISSN: 2070-1721 Trinity College Dublin
H. Weiss
P. Lovell
SPARTA, Inc.
May 2011
Bundle Security Protocol Specification
Abstract
This document defines the bundle security protocol, which provides
data integrity and confidentiality services for the Bundle Protocol.
Separate capabilities are provided to protect the bundle payload and
additional data that may be included within the bundle. We also
describe various security considerations including some policy
options.
This document is a product of the Delay-Tolerant Networking Research
Group and has been reviewed by that group. No objections to its
publication as an RFC were raised.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Research Task
Force (IRTF). The IRTF publishes the results of Internet-related
research and development activities. These results might not be
suitable for deployment. This RFC represents the consensus of the
Delay-Tolerant Networking Research Group of the Internet Research
Task Force (IRTF). Documents approved for publication by the IRSG
are not a candidate for any level of Internet Standard; see Section 2
of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6257.
Symington, et al. Experimental [Page 1]RFC 6257 Bundle Security Protocol May 2011Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Symington, et al. Experimental [Page 2]RFC 6257 Bundle Security Protocol May 2011Table of Contents
1. Introduction ....................................................4
1.1. Related Documents ..........................................4
1.2. Terminology ................................................5
2. Security Blocks .................................................8
2.1. Abstract Security Block ....................................9
2.2. Bundle Authentication Block ...............................13
2.3. Payload Integrity Block ...................................15
2.4. Payload Confidentiality Block .............................16
2.5. Extension Security Block ..................................20
2.6. Parameters and Result Fields ..............................21
2.7. Key Transport .............................................23
2.8. PIB and PCB Combinations ..................................24
3. Security Processing ............................................25
3.1. Nodes as Policy Enforcement Points ........................26
3.2. Processing Order of Security Blocks .......................26
3.3. Security Regions ..........................................29
3.4. Canonicalization of Bundles ...............................31
3.5. Endpoint ID Confidentiality ...............................37
3.6. Bundles Received from Other Nodes .........................38
3.7. The At-Most-Once-Delivery Option ..........................39
3.8. Bundle Fragmentation and Reassembly .......................40
3.9. Reactive Fragmentation ....................................41
3.10. Attack Model .............................................42
4. Mandatory Ciphersuites .........................................42
4.1. BAB-HMAC ..................................................42
4.2. PIB-RSA-SHA256 ............................................43
4.3. PCB-RSA-AES128-PAYLOAD-PIB-PCB ............................44